IT security news on the latest technology and the number one resource for your hardware and software needs.
Visit us at www.hyphenet.com

Tuesday, August 20, 2013

Microsoft Windows XP Upgrade or Risk Infinite “Zero-Days”

Image Credit: Computer Weekly

For everyone who is using Microsoft Windows XP, you may want to abort
the program. The 12-year-old operating system will no longer have
support by next April. You need to upgrade your Microsoft Windows XP or
risk infinite “zero-days”.
Tim Rains, director of Microsoft Trustworthy Computing, posted a blog last week reminding customers
of the risk they would be taking if they continued to run Windows XP.
All users are urgently asked to upgrade to Windows 7 or 8.
April 8, 2014, Windows XP will have a Service Pack 3 (SP3) stating
that customers will no longer receive secuity news updates. Also,
non-security hotfixes, free or paid assisted support options and online
technical content updates will no longer be available.
When Microsoft ends support for Windows XP, it will probably be
vulnerable to outdated Windows versions. So attackers and spammers will
have free reign on XP endpoints. With that said, Windows XP will have a
‘zero day‘ susceptibility forever.
With knowledge of zero-day, you will never know if you can trust the
computing base system you are on. Attackers know about this
vulnerability and are well aware of the compromised situation. You must
stay ahead of the game, and protect yourself.

Who’s In?

According to a study handled by VMware, 64 percent of enterprise-size
companies have not migrated to Microsoft Windows XP. 52 percent of
midsize firms and 61 percent of SMBs are also at risk.

“Common challenges such as end-user-downtime, data loss,
migration failures and effort to upgrade remote employees can all be
avoided if you plan ahead, “wrote Sarah Semple, VMware’s director of
product marketing.

Many companies haven’t switched over because of the cost of the
implementation. It is estimated that, based on a 10,000-PC environment,
the expense of migration is between $1,205 and $1,999 per machine.
That is a lot of money, but if you look at the risk your company is
susceptible of , it is very much worth it.

The Flaws

Microsoft also has 33 other flaws aside from the zero-day
vulnerability. The software giant issued seven bulletins in early July,
six of those were rated “critical”. The flaws urgency to be fixed in
Microsoft Office, Internet Explorer, DirectShow, .NET, and Silverlight
are targeted. Remote attackers will gain access of discerning systems
and files.
One of the flaws reported, had Metasploit module created and alows an attacker to elevate system privileges.

A Windows True Type Font parsing vulnerability
that appears in three independent bulletins is also concerning, because
it is found in an assortment of Microsoft products. – Technical Manager
of Security Research and Development Group at Tripwire.
Microsoft revealed a new policy that requires developers to create
apps for the Windows Store, Windows Phone Store, Office Store, and Azure
Marketplace to fix any security vulnerabilities within a definitive
time frame. This policy demands developers to fix these security issues
within six months. The company declared the right to remove an app
from any store that is being targeted or if it exceeds the six month
brink.
So tell your friends and co-workers, get rid of Microsoft Windows XP before you put yourself at risk of an unnecessary attack.